| author | Stephen Smalley <[email protected]> | 2015-07-10 21:19:57 +0000 |
|---|---|---|
| committer | Paul Moore <[email protected]> | 2015-07-13 17:31:59 +0000 |
| commit | 5dee25d08eac01472904b0ab32ce35edee5c0518 (patch) | |
| tree | 41dc3bcb96fa1ceaf73de869ffdf8d2d30e8a3b9 /security/selinux/hooks.c | |
| parent | selinux: reduce locking overhead in inode_free_security() (diff) | |
selinux: initialize sock security class to default value
Initialize the security class of sock security structures
to the generic socket class. This is similar to what is
already done in inode_alloc_security for files. Generally
the sclass field will later be set by socket_post_create
or sk_clone or sock_graft, but for protocol implementations
that fail to call any of these for newly accepted sockets,
we want some sane default that will yield a legitimate
avc denied message with non-garbage values for class and
permission.
Signed-off-by: Stephen Smalley <[email protected]>
Signed-off-by: Paul Moore <[email protected]>
Diffstat (limited to 'security/selinux/hooks.c')
| -rw-r--r-- | security/selinux/hooks.c | 1 |
1 files changed, 1 insertions, 0 deletions
diff --git a/security/selinux/hooks.c b/security/selinux/hooks.c index 4de09f0227b4..ef310f82717d 100644 --- a/security/selinux/hooks.c +++ b/security/selinux/hooks.c @@ -4559,6 +4559,7 @@ static int selinux_sk_alloc_security(struct sock *sk, int family, gfp_t priority sksec->peer_sid = SECINITSID_UNLABELED; sksec->sid = SECINITSID_UNLABELED; + sksec->sclass = SECCLASS_SOCKET; selinux_netlbl_sk_security_reset(sksec); sk->sk_security = sksec; |
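Review bot: the added `sksec->sclass = SECCLASS_SOCKET;` in selinux_sk_alloc_security() has no comment marking it as a fallback, so a reader of hooks.c cannot tell that socket_post_create, sk_clone or sock_graft are expected to overwrite it later. A one-line comment above the assignment, mirroring the commit message, would make that clear. The commit message also leaves unnamed the protocol implementations that skip those hooks on accepted sockets; with this default their sockets keep the generic socket class instead of a protocol-specific one, so it would be worth naming them and tracking the missing hook calls as a separate fix.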
